class PasswordResetsController < ApplicationController
  skip_before_filter :require_login
  def create
    @user = User.find_by_email(params[:email])
    @user.deliver_reset_password_instructions! if @user
    redirect_to(root_path,:notice => '重置邮件已经送达，请查收')
  end

  def edit
    @token = params[:id]
    @user = User.load_form_reset_password_token(params[:id])
    if @user.blank?
      not_authenticated
    end
  end

  def update
    @token = params[:id]
    @user = User.load_from_reset_password_token(params[:id])
    if @user.blank?
      not_authenticated
      return
    end

    # the next line makes the password confirmation validation work
    @user.password_confirmation = params[:user][:password_confirmation]
    # the next line clears the temporary token and updates the password
    if @user.change_password!(params[:user][:password])
      flash[:success] = "#{t('.successfully_updated_password')}"
      auto_login(@user)
      redirect_to root_path
    else
      render :action => "edit"
    end
  end
end
